Fresh off the Gartner Identity and Access Management Summit in Las Vegas, I headed out to Kanab, Utah to spend a Micro Focus volunteer day at Best Friends Animal Sanctuary. What could be better than spending three days with customers, partners and colleagues having great conversations about IAM, and then following it up with one-on-one time with adorable animals in some of the most beautiful country in the United States?
Best Friends is a no-kill sanctuary for over 1500 animals, including dogs, cats, rabbits, farm animals and wildlife. Sometimes referred to as a Disneyland for animal lovers, it's truly a magical place that I've been fortunate to visit twice now. They do wonderful work here to rehabilitate abandoned and abused animals, and their outreach work has saved countless animals and changed animal welfare laws across the U.S.
But why am I writing about animals on a security blog? Well, there is a connection, and it has to do with Identity and Access Management. Best Friends Animal Sanctuary provides a really great way to understand some of the key areas of IAM, including Identity, Access, and Privilege.
Let's start with identity management. As we always say, identities are no longer just humans. They are devices, systems, bots, applications - and sometimes they are animals. You could think of every animal at Best Friends as holding an identity. And as for humans at the sanctuary, they could hold multiple affiliations, such as employee, donor, adopter, volunteer, or guest (I stayed in a cottage on the property).
What about access management? For dogs at Best Friends, it starts with the color of their collar. Red means staff only, purple means no one under 18 years old, and green means safe for all. The color of a dog's collar can change over time. For example, I walked a dog who had previously been a red-collar dog, but was now safe for an adult to handle. Its attributes had changed over time, enabling greater access, just like an employee whose role changes over time.
Access is also controlled in other ways. Volunteers are allowed only in certain areas of the sanctuary, and need to sign waivers and watch orientation videos before accessing those areas. Different types of animals are housed in different sections of the property, and paired up only with compatible animal companions. New animals go through an admissions process where they are segregated from regular residents until they can be assessed. Just like with IAM, the sanctuary must keep track of all this identity information to make informed decisions about access.
Lastly, privilege management plays a big part in managing the sanctuary. Staff members who manage the animal housing areas carry significant responsibility. Not only do they hold the physical keys to their animal housing areas, but they also need to keep the highest-risk animals separate from the other animals, whether it's a sick animal or one that is reactive to other animals and needs carefully chosen friends. And they need to make sure that everyone is kept safe, from volunteers to colleagues to the animals under their care.
This is not a job that can be given to just anyone, and it's certainly not a responsibility that can be controlled with one key and common access privileges shared across all staff. Nor should these privileged users have access to other key areas of the operation, such as managing donations or cash generated through Best Friends merchandise at the gift shop and online. For a non-profit organization like Best Friends Animal Society, it is critical that users are granted only the privileges they need, when they need them.
These are all concepts that would be familiar to anyone involved in Identity and Access Management. In fact, Identity, Access and Privilege apply to practically everything in our day-to-day lives, including healthcare, retail, education, government services, and technology. Having said that, I won't lie and say I was thinking about IAM while I was playing with puppies and cuddling with Holiday, my sleepover dog!